problem using FTP over SSL
Hello,

I installed openssl-0.9.8 on my linux FTP server and I also compiled vsftpd-2.0.3 under RedHat 9 with SSL support (without any errors). And when I try to connect with FileZilla v2.2.16 under Windows XP I get some errors:

Commande : AUTH TLS
Réponse : 234 Proceed with negotiation.
Erreur : Internal error: m_pSslLayer not initialized
Erreur : Impossible de se connecter !

But the connection is still established and I can download and upload anyway!

Can you please tell me what's going wrong with my config and what I should do to resolve that problem?

Thanks a lot.
ELLERT Alexandre
Re: problem using FTP over SSL
ELLERT Alexandre wrote:
> I installed openssl-0.9.8 on my linux FTP server and I also compiled vsftpd-2.0.3 under RedHat 9 with SSL support (without any errors). And when I try to connect with FileZilla v2.2.16 under Windows XP I get some errors:
> Commande : AUTH TLS
> Réponse : 234 Proceed with negotiation.
> Erreur : Internal error: m_pSslLayer not initialized

This seems imho to be an internal error of FileZilla.

> Erreur : Impossible de se connecter !
> But the connection is still established and i can download and upload anyway !

You can use ssldump (http://www.rtfm.com/ssldump/) for checking whether any SSL handshake is started.

> Can you please tell me what's going wrong with my config and what I should do to resolve that problem ?

Check the FileZilla configuration for SSL specific options and use ssldump.

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager [EMAIL PROTECTED]
Re: ftp implicit ssl connection
Thank you all friends for your suggestions. I'll try some of them and i'll be back for results ;-)
Re: ftp implicit ssl connection
> I think the question was this: why are you trying to invent another secure FTP protocol

I'm not inventing anything... there are 3 ways to handle ftp security:

SSL connect
AUTH SSL
AUTH TLS

I need to implement the first... if u know of a linux sftp client that uses this type of mechanism please tell me the link (with source obviously ;-) )
Re: ftp implicit ssl connection
PBSZ is used when you are negotiating the size of the buffer to be encrypted. If you are using FTP over SSL, the FTP protocol is not performing any authentication or encryption. Therefore, you do not use PBSZ.

gomess wrote:
> > It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need?
>
> well, in the previous 2 messages i tried to explain it... I'm writing an ftp client and i would like to add support for implicit ssl connection... the problem is that after the handshake i try to send the "PBSZ 0" command but i receive no answer from the server... this is the behaviour with all of the ftp protocol commands... so, i need some help... even some source code of an ftp client that implement "implicit" (not the explicit one with AUTH command etc...) ssl connection... can u give me some help ? thanks :-)
Re: ftp implicit ssl connection
> PBSZ is used when you are negotiating the size of the buffer to be encrypted. If you are using FTP over SSL, the FTP protocol is not performing any authentication or encryption. Therefore, you do not use PBSZ.

Yes, you are right... but i'm sure that these servers i connect to use implicit ssl connection and i saw some clients sending the buffer size command... However, i tried to follow the normal ftp protocol with USER and PASS commands with the same result... no answer from server... Maybe i need some source code to see the difference with mine... Do you know about any linux sftp that implements ssl implicit connection ?
Re: ftp implicit ssl connection
Take a look at:

http://www.castaglia.org/proftpd/doc/contrib/ProFTPD-mini-HOWTO-TLS.html

Ken

> > PBSZ is used when you are negotiating the size of the buffer to be encrypted. If you are using FTP over SSL, the FTP protocol is not performing any authentication or encryption. Therefore, you do not use PBSZ.
>
> Yes, you are right... but i'm sure that these servers i connect to use implicit ssl connection and i saw some clients sending the buffer size command... However, i tried to follow the normal ftp protocol with USER and PASS commands with the same result... no answer from server... Maybe i need some source code to see the difference with mine... Do you know about any linux sftp that implements ssl implicit connection ?

__
Support
InterSoft International, Inc.
Voice: 888-823-1541, International 281-398-7060
Fax: 888-823-1542, International 281-398-0221
[EMAIL PROTECTED]
http://www.securenetterm.com
Re: ftp implicit ssl connection
> It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need?

well, in the previous 2 messages i tried to explain it... I'm writing an ftp client and i would like to add support for implicit ssl connection... the problem is that after the handshake i try to send the PBSZ 0 command but i receive no answer from the server... this is the behaviour with all of the ftp protocol commands... so, i need some help... even some source code of an ftp client that implement implicit (not the explicit one with AUTH command etc...) ssl connection... can u give me some help ? thanks :-)
Re: ftp implicit ssl connection
I think the question was this: why are you trying to invent another secure FTP protocol when there is already a draft IETF standard for bringing up SSL/TLS command and/or data channels in FTP, as well as several open source implementations of that draft protocol.

Caveat: I am not an expert on this protocol, I just know of its existence.

Andy Sherman
Morgan Stanley

gomess wrote:
> > It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need?
>
> well, in the previous 2 messages i tried to explain it... I'm writing an ftp client and i would like to add support for implicit ssl connection... the problem is that after the handshake i try to send the PBSZ 0 command but i receive no answer from the server... this is the behaviour with all of the ftp protocol commands... so, i need some help... even some source code of an ftp client that implement implicit (not the explicit one with AUTH command etc...) ssl connection... can u give me some help ? thanks :-)
Re: ftp implicit ssl connection
It is very unclear to me what type of help you are looking for. There are many SSL/TLS FTP client and server implementations available as open source in addition to the specifications for the protocol which are available as an Internet-Draft. What do you need?

gomess wrote:
> Nobody can help me ? :-(( Please... :-)
ftp implicit ssl connection
Hi,

first of all sorry for my english ;-P

Next... i'm trying to make a ftp client for linux that uses implicit SSLv23 connection, but i have a problem: when i connect to a server and the ssl connection is established i try to send a command but the server doesn't answer with any byte...

Taking a look at the logs of other (windows) clients i've seen that the first command sent is the PBSZ command and i send it too, but i receive no answer...

I tried all the ftp commands with the same result... what can i do ?

Thank U all :-)
Edo
Re: ftp implicit ssl connection
Hi, this is a simple test program i wrote:

--- code ---
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <openssl/ssl.h>

int main (int argc, char **argv)
{
    const SSL_METHOD *meth; SSL_CTX *ctx; SSL *ssl; BIO *sbio;
    struct hostent *host_p; struct sockaddr_in addr; char buf[1024]; int sock, n;

    SSL_library_init ();
    SSL_load_error_strings ();
    meth = SSLv23_method ();
    ctx = SSL_CTX_new (meth);
    sock = socket (AF_INET, SOCK_STREAM, 0);
    host_p = gethostbyname (argv[1]);
    addr.sin_family = AF_INET;
    addr.sin_port = htons (atoi (argv[2]));
    memcpy (&addr.sin_addr, host_p->h_addr, sizeof (struct in_addr));
    connect (sock, (struct sockaddr *) &addr, sizeof (struct sockaddr_in));
    ssl = SSL_new (ctx);
    sbio = BIO_new_socket (sock, BIO_NOCLOSE);
    SSL_set_bio (ssl, sbio, sbio);
    SSL_connect (ssl);
    /* server greeting; SSL_read() does not NUL-terminate, so do it before printing */
    n = SSL_read (ssl, buf, sizeof (buf) - 1);
    if (n > 0) { buf[n] = '\0'; printf ("%s", buf); }
    SSL_write (ssl, "PBSZ 0\n", 7);
    while ((n = SSL_read (ssl, buf, sizeof (buf) - 1)) > 0) {
        buf[n] = '\0';
        printf ("%s\n", buf);
    }
    return 0;
}
--- end code ---

I cut all the error checks... can u see where am I wrong ? Thank U :-)
Re: FTP with SSL
At 01:55 05.04.2002 +0200, you wrote:
> heh, i didn't mean to insult anyone of the great ppl who put a lot of effort into the ftp-tls specs. i'm currently working on a client-side implementation myself. i spent lots of time to get the command data encryption to work. it was pretty hard for me because of the fact that it's not that common yet, i found few documents/sources which i could use, so I just wanted to state that ftp-tls isn't really as widespread and easy-to-use as shttp or secure mail is. ftp-tls is a great thing, tho and i hope it will be established soon (same with ssl-irc, btw).

Have a look at the client and server implementations at ftp://ftp.runestig.com/pub/ I found these very helpful for me.

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH
FTP with SSL
Hi, I am using the OpenSA web server for my application(which has OpenSSL along with Apache). I am having problems configuring an FTP server to work along with OpenSSL. With http, the FTP server works fine, but when I use https, the FTP server is unable to serve files. Has anyone came across such a situation before? Can anybody tell me if I am doing something wrong? Thanks Manoj.
Re: FTP with SSL
> Hi, I am using the OpenSA web server for my application(which has OpenSSL along with Apache). I am having problems configuring an FTP server to work along with OpenSSL. With http, the FTP server works fine, but when I use https, the FTP server is unable to serve files. Has anyone came across such a situation before? Can anybody tell me if I am doing something wrong? Thanks Manoj.

Why would an FTP server be involved in serving your files via HTTP?

Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 available now!!!
The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
http://www.kermit-project.org/             secured with Kerberos, SRP, and
[EMAIL PROTECTED]                          OpenSSL. Interfaces with OpenSSH
RE: FTP with SSL
Let me put it this way : I am using Java as the development platform. From withinside a servlet, if I redirect my response to FTP, if the program is running using http, the redirection works. But if it is ran using https, the redirection fails. Any possible reason?

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 04, 2002 2:24 PM
To: [EMAIL PROTECTED]
Cc: '[EMAIL PROTECTED]'
Subject: Re: FTP with SSL

> Hi, I am using the OpenSA web server for my application(which has OpenSSL along with Apache). I am having problems configuring an FTP server to work along with OpenSSL. With http, the FTP server works fine, but when I use https, the FTP server is unable to serve files. Has anyone came across such a situation before? Can anybody tell me if I am doing something wrong? Thanks Manoj.

Why would an FTP server be involved in serving your files via HTTP?

Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 available now!!!
The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
http://www.kermit-project.org/             secured with Kerberos, SRP, and
[EMAIL PROTECTED]                          OpenSSL. Interfaces with OpenSSH
Re: FTP with SSL
> secure ftp isn't very advanced yet. there's no rfc of ssl/tls-ftp yet, only a draft. which ftp-server are you using? as far as i know very few ftp-servers have secure ftp implemented yet. glftpd is one of them (www.glftpd.com).

There are many servers that have TLS FTP support. See http://www.kermit-project.org/ftpd.html for one list.

Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 available now!!!
The Kermit Project @ Columbia University   includes Telnet, FTP and HTTP
http://www.kermit-project.org/             secured with Kerberos, SRP, and
[EMAIL PROTECTED]                          OpenSSL. Interfaces with OpenSSH
Re: FTP over SSL
At 10:27 24.10.2001 +1300, you wrote:
> On Wed 23 Oct 2001, Scott Klement wrote:
> > For a MS-Windows client that can connect using FTP over SSL, go here: http://www.wsftp.org/
>
> Thanks Scott. Much appreciated. I do not especially want to write my own ssl/ftp client so I'll go with the above links.

But be warned that WS FTP uses only 40 bit export ciphers, at least the versions which i checked (V6.6 and V7.0-Tryout).

Another possibility is CuteFTP, which uses strong encryption. A possible drawback with both clients is that it is not possible to encrypt only the control connection (in case when you only want to protect the password with SSL). This may have a severe impact on the transfer rate.

The third Windows-Client known to me is Igloo FTP, which allows to encrypt only the control connection, but is restricted to weak 40 bit export ciphers too.

A further drawback of WS FTP and Cute FTP is, that they use for the data connection a new SSL session (no resumption of the SSL session of the control connection). This leads to an unnecessary high load on the FTP server. Some server may therefore even disallow the use of a separate session for the data connection.

All in all there is IMHO no Windows FTP client, which could be currently recommended unrestricted.

(CuteFTP: www.globalscape.com, Igloo FTP: www.iglooftp.com).

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
Phone/Fax: +49-89-636-47852 / 47655
E-Mail: [EMAIL PROTECTED]
Re: FTP over SSL
The implementation of AUTH SSL/TLS in the FTP client support that comes with Kermit 95 and C-Kermit 8.0

http://www.kermit-project.org/ftpd.html

supports all ciphers supported by OpenSSL; reuses the session for the data connections; and properly performs verification of server certificates unlike several other clients; and supports the use of client certificates.

> But be warned that WS FTP uses only 40 bit export ciphers, at least the versions which i checked (V6.6 and V7.0-Tryout).
>
> Another possibility is CuteFTP, which uses strong encryption. A possible drawback with both clients is that it is not possible to encrypt only the control connection (in case when you only want to protect the password with SSL). This may have a severe impact on the transfer rate.
>
> The third Windows-Client known to me is Igloo FTP, which allows to encrypt only the control connection, but is restricted to weak 40 bit export ciphers too.
>
> A further drawback of WS FTP and Cute FTP is, that they use for the data connection a new SSL session (no resumption of the SSL session of the control connection). This leads to an unnecessary high load on the FTP server. Some server may therefore even disallow the use of a separate session for the data connection.
>
> All in all there is IMHO no Windows FTP client, which could be currently recommended unrestricted.
>
> (CuteFTP: www.globalscape.com, Igloo FTP: www.iglooftp.com).
>
> Ciao,
> Richard
> --
> Dr. Richard W. Könning
> Fujitsu Siemens Computers GmbH, EP LP COM 5
> Phone/Fax: +49-89-636-47852 / 47655
> E-Mail: [EMAIL PROTECTED]

Jeffrey Altman * Sr.Software Designer      C-Kermit 8.0 Beta available
The Kermit Project @ Columbia University   includes Secure Telnet and FTP
http://www.kermit-project.org/             using Kerberos, SRP, and
[EMAIL PROTECTED]                          OpenSSL. SSH soon to follow.
Re: FTP over SSL
At 09:19 24.10.2001 EDT, you wrote:
> The implementation of AUTH SSL/TLS in the FTP client support that comes with Kermit 95 and C-Kermit 8.0 http://www.kermit-project.org/ftpd.html supports all ciphers supported by OpenSSL; reuses the session for the data connections; and properly performs ver

I have tried to get the trial version of the secure variant of K95 with no success (i am directed to the URL http://www.cryptography.org/freecryp.htm which seems to be non-existent), probably because i am living/working outside USA/Canada.

> > All in all there is IMHO no Windows FTP client, which could be currently recommended unrestricted.

Well, i should have written Windows FTP client with a GUI ;-).

Ciao,
Richard
--
Dr. Richard W. Könning
Fujitsu Siemens Computers GmbH, EP LP COM 5
Phone/Fax: +49-89-636-47852 / 47655
E-Mail: [EMAIL PROTECTED]
Re: FTP over SSL
On Wed, Oct 24, 2001 at 02:56:39PM +0200, Richard Koenning wrote:
> But be warned that WS FTP uses only 40 bit export ciphers, at least the versions which i checked (V6.6 and V7.0-Tryout). Another possibility is CuteFTP, which uses strong encryption. A possible drawback with both clients is that it is not possible to encrypt only the control connection (in case when you only want to protect the password with SSL). This may have a severe impact on the transfer rate. The third Windows-Client known to me is Igloo FTP, which allows to encrypt only the control connection, but is restricted to weak 40 bit export ciphers too.

One more. ;-)

<plug>
If you cannot find a Windows GUI client to your satisfaction, try a programmable client. M2Crypto, a Python interface to OpenSSL, offers FTP/TLS client and server in the current snapshot.

http://www.post1.com/home/ngps/m2/
</plug>

--
Ng Pheng Siong [EMAIL PROTECTED] * http://www.post1.com/home/ngps
Re: FTP over SSL
On Tue, 23 Oct 2001, Hamish Kibblewhite wrote:
> Hi, I want to be able to get a file from an AS400. I would like to be able to use ftp over SSL. Can anyone point me at what I need to do / read to get a file using SSL?

The AS/400 (iSeries/400), in V5R1 of OS/400, is capable of doing FTP over TLS/SSL. Some other people have suggested using SSH, which is _not_ available on the AS/400.

To set up FTP over SSL on your AS/400, go here:
http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/info/rzain/rzainoverview.htm

For a MS-Windows client that can connect using FTP over SSL, go here:
http://www.wsftp.org/

> I have had a look around with some google searches and believe I can *probably* do this with perl and Net::SSLeay. What I don't understand is how to arrive at the right incantation to make everything happen. I know nothing about certificates / how to use Net::SSLeay to set up a ftp get under SSL and so on...and after all my searching / reading know I have to know a bit about these subjects If anyone can help by pointing at the right documentation to read to know what ssl calls to make and / or point me to SSLeay documentation that would show me how to make the right calls under perl I would be very grateful.

If you're *REALLY* looking to write your own FTP client that does SSL, I'd suggest you start by just writing a non-SSL FTP client. Get used to the mechanics of FTP, as this is 98% of the work.

Do learn the FTP protocol, go to http://www.rfc-editor.org and do a search for FTP. RFC 959 is the primary standard for FTP, but many little modifications have been released over the years.

Once you've gotten familiar with the FTP protocol, then check out the documentation for net::SSLeay, which should explain how to upgrade your TCP connections to be TLS/SSL connections. Aside from which port you connect to, this should be the only difference between standard FTP and SSL-FTP.

> thanks and regards, Hamish Kibblewhite

Hope that helps...
Re: FTP over SSL
On Tue, Oct 23, 2001 at 11:39:13AM +1300, Hamish Kibblewhite wrote:
> Hi, I want to be able to get a file from an AS400. I would like to be able to use ftp over SSL. Can anyone point me at what I need to do / read to get a file using SSL? I have had a look around with some google searches and believe I can *probably* do this with perl and Net::SSLeay. What I don't understand is how to arrive at the right incantation to make everything happen. I know nothing about certificates / how to use Net::SSLeay to set up a ftp get under SSL and so on...and after all my searching / reading know I have to know a bit about these subjects If anyone can help by pointing at the right documentation to read to know what ssl calls to make and / or point me to SSLeay documentation that would show me how to make the right calls under perl I would be very grateful.

It isn't clear to me whether you're looking for a server, a client, or both... On the server side, there's a patchset for ProFTPd that purports to add TLS support; but I haven't tried it yet. You can find a link to it on the ProFTPd web site (http://www.proftpd.org/)

-Pat
Re: FTP over SSL
On Wed 23 Oct 2001, Scott Klement wrote:
> > Hi, I want to be able to get a file from an AS400. I would like to be able to use ftp over SSL. Can anyone point me at what I need to do / read to get a file using SSL?
>
> The AS/400 (iSeries/400), in V5R1 of OS/400, is capable of doing FTP over TLS/SSL. Some other people have suggested using SSH, which is _not_ available on the AS/400.
>
> To set up FTP over SSL on your AS/400, go here:
> http://publib.boulder.ibm.com/html/as400/v5r1/ic2924/info/rzain/rzainoverview.htm
>
> For a MS-Windows client that can connect using FTP over SSL, go here:
> http://www.wsftp.org/

Thanks Scott. Much appreciated. I do not especially want to write my own ssl/ftp client so I'll go with the above links.

regards,
Hamish Kibblewhite
Re: FTP and SSL
[EMAIL PROTECTED] writes:
> From: Richard Levitte
> > Uhmmm, yes. Note that I said "wide-spread fashion". The reason I said that is that I never trust a draft to stay current. I trust an RFC a lot more.
>
> This is an interesting one !! SSL isn't RFC (it only ever made it to draft) TLS only became an RFC in Jan '99. HTTPS isn't RFC (draft-ietf-tls-https-04.txt) (and isn't likely to be standards track, because it is broken in a multihomed environment) etc... etc...

One of the primary objections to SSL was precisely that it never was published in an open fixed form. However, the de facto standard is Netscape's implementation and that's quite stable. You'll note that TLS implementation still lags, even though it's been at Proposed for quite some time.

HTTPS has been approved as an Informational RFC. HTTP Upgrade (draft-ietf-tls-http-upgrade-05.txt) has been approved as a Proposed Standard. Both documents are waiting to pop out of the RFC Editor Queue. They should be taken to be relatively stable, since only editorial changes are supposed to occur at this point.

-Ekr
--
[Eric Rescorla [EMAIL PROTECTED]]
Re: FTP and SSL
> > So it appears that your client "might" support AUTH SSL or AUTH TLS but does not support the non-standard ftps ports.
>
> Specifying the host as 'host.school.edu:port' changes the behavior of the client, so I am assuming that the client will point to whatever is specified. I could be mistaken, though

It will cause the client to point to an alternate port but will not cause the client to automagically start negotiating SSL or TLS.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
Re: FTP and SSL
> > At least one implementation is required for Proposed and that implementation does not need to implement all features..
>
> No, this is simply wrong. See RFC2026.
>
> Usually, neither implementation nor operational experience is required for the designation of a specification as a Proposed Standard. However, such experience is highly desirable, and will usually represent a strong argument in favor of a Proposed Standard designation.
>
> The IESG may require implementation and/or operational experience prior to granting Proposed Standard status to a specification that materially affects the core Internet protocols or that specifies behavior that may have significant operational impact on the Internet.

While you are technically correct, the reality is that the IESG is not going to make FTP AUTH SSL or FTP AUTH TLS a Proposed Standard without implementation experience.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
Re: FTP and SSL
At 06:07 PM 5-3-2000 -0400, you wrote:
> > Has anyone gotten this to work? I have been trying for quite a while, but to no avail
>
> Are you using an FTP server that supports the AUTH SSL or AUTH TLS method? Does your FTP client support the AUTH SSL or AUTH TLS method?

The FTP client (NetFinder - http://www.ozemail.com.au/~pli/netfinder) documentation says it can use SSL-encryption based on OpenSSL.

I've added the following lines to /etc/services:

    ftps-data   989/tcp   # ftp protocol, data, over TLS/SSL
    ftps        990/tcp   # ftp protocol, control, over TLS/SSL

and to /etc/inetd.conf:

    ftps stream tcp nowait root /usr/sbin/in.tcpd /usr/local/sbin/sslwrap -cert /usr/certs/sslwrap.pem -port 351
    ftps-data stream tcp nowait root /usr/sbin/in.tcpd /usr/local/sbin/sslwrap -cert /usr/certs/sslwrap.pem -port 989

(I have it pointing to port 351, since port 21 is controlled by SafeTP (safetp.cs.berkeley.edu), which then passes unencrypted ftp connections to port 351). All of our 500+ clients use encrypted ftp connections thanks to SafeTP, except for the half dozen Macintosh clients, for whom it was nearly impossible to find security software...

Thanks,
Mark
Re: FTP and SSL
> At 06:07 PM 5-3-2000 -0400, you wrote:
> > > Has anyone gotten this to work? I have been trying for quite a while, but to no avail
> >
> > Are you using an FTP server that supports the AUTH SSL or AUTH TLS method? Does your FTP client support the AUTH SSL or AUTH TLS method?
>
> The FTP client (NetFinder - http://www.ozemail.com.au/~pli/netfinder) documentation says it can use SSL-encryption based on OpenSSL.
>
> I've added the following lines to /etc/services:
>
>     ftps-data   989/tcp   # ftp protocol, data, over TLS/SSL
>     ftps        990/tcp   # ftp protocol, control, over TLS/SSL
>
> and to /etc/inetd.conf:
>
>     ftps stream tcp nowait root /usr/sbin/in.tcpd /usr/local/sbin/sslwrap -cert /usr/certs/sslwrap.pem -port 351
>     ftps-data stream tcp nowait root /usr/sbin/in.tcpd /usr/local/sbin/sslwrap -cert /usr/certs/sslwrap.pem -port 989
>
> (I have it pointing to port 351, since port 21 is controlled by SafeTP (safetp.cs.berkeley.edu), which then passes unencrypted ftp connections to port 351). All of our 500+ clients use encrypted ftp connections thanks to SafeTP, except for the half dozen Macintosh clients, for whom it was nearly impossible to find security software...

So it appears that your client "might" support AUTH SSL or AUTH TLS but does not support the non-standard ftps ports.

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]
FTP and SSL
Has anyone gotten this to work? I have been trying for quite a while, but to no avail

Thanks,
Mark
---
Mark Phillips
Systems Administrator, Haas Computing Services
Haas School of Business
University of California Berkeley
545 Student Services Bldg #1900
Berkeley, CA 94720-1900
Fax: 510-643-2009
v-mail: 510-643-4070
---
Re: FTP and SSL
> Has anyone gotten this to work? I have been trying for quite a while, but to no avail

Are you using an FTP server that supports the AUTH SSL or AUTH TLS method? Does your FTP client support the AUTH SSL or AUTH TLS method?

Jeffrey Altman * Sr.Software Designer * Kermit-95 for Win32 and OS/2
The Kermit Project * Columbia University
612 West 115th St #716 * New York, NY * 10025
http://www.kermit-project.org/k95.html * [EMAIL PROTECTED]